Beaumont: Personal info of 112K potentially exposed in data breach
Beaumont Health issued notices Friday about a data breach last year that officials said could have exposed the personal information of up to 112,000 people.
The eight-hospital system launched an investigation and worked with cyber-security professionals immediately after learning an unauthorized third party accessed some employee email accounts, representatives said in a statement.
"After an extensive forensic investigation and comprehensive manual document review, we discovered on March 29, 2020 that one or more of the email accounts accessed between May 23, 2019 to June 3, 2019 contained identifiable personal and/or protected health information," the release said.
"Our investigation was unable to determine definitively if any information was actually acquired by the unauthorized third party, and Beaumont has no knowledge of any inappropriate or misuse of any data. Beaumont’s electronic medical record system was not impacted by this incident and remains secure."
The accessed email accounts had information of patients including name, birth date, diagnosis, diagnosis code, procedure, treatment location and type, prescription details, Beaumont patient account number and medical record number, officials reported Friday.
"A limited number of individuals’ Social Security numbers, financial account information, health insurance information, and driver's license or state identification numbers were also contained in the impacted email accounts," Beaumont said.
The number of people who could have been impacted reflects less than 5% of the 2.3 million patients Beaumont serves, according to the statement.
Notified patients are asked to monitor insurance statements for any transactions related to care or services they did not receive.
For more information or to find out if they were impacted, people can call a toll-free response line at 888-921-0518 between 9 a.m. and 6:30 p.m. Monday through Friday.
Meanwhile, to minimize the risk of another breach, Beaumont has taken steps including implementing additional technical safeguards as well as providing training and education to staffers on handling malicious emails, representatives said.